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A METHOD OF PROVIDING A PROXY SERVER BASED SERVICE TO A 
COMMUNICATIONS DEVICE ON A NETWORK 

FIELD OF THE INVENTION 

[0001] This invention relates to comnnunications over a network. In particular it 
relates to a nnethod of providing a proxy based service to a wireless 
communications device on a network. 

BACKGROUND 

[0002] Mobile communications devices, such as mobile telephones, two-way 
pagers, Personal Digital Assistant (PDAs), Personal Information Managers 
(PIMs), and other hand-held computing devices have become very popular. In 
many cases these mobile communications devices are used as entry points into 
the Internet and intranets. 

[0003] A problem common to many conventional mobile communication 
devices is that these devices are characterized by severe limitations in 
processing power, memory size, display size and the size of the buttons or keys 
by which a user can input request to, view and manipulate information obtained 
from a network server. Furthermore, the bandwidth of the communications 
channels connecting these mobile devices to a network server e.g. a hypermedia 
server on the Internet, is also severely limited. 

[0004] One attempt to overcome these limitations of current mobile devices is 
to make use of a proxy server to facilitate communications between the various 
communications devices and a network server, the role of the proxy server being 
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to provide an interface between the wireless network on which the 
communications devices operate and the (wired) network on which the network 
server operates. The proxy server may also be used to provide value added 
services to the mobile communications devices. The proxy servers are 
implemented as network server devices having hardware and software 
components which allow the proxy server to provide services to the mobile 
communications devices. For example, a proxy server can be used to provide 
bookmarks, cookie caches, implementation of privacy agreements, sub-id 
translations, location information, presence information, etc. to a mobile 
communications device. However, in order for the proxy server to provide these 
services, it is necessary for the proxy server to be able to access 
communications or requests from the mobile communications device to the 
network server and specifically, to have knowledge of the content of such 
requests. 

[0005] It is desirable to provide end-to-end secure communications between 
the communications device and the network server, for various reasons. In the 
case of true end-to-end secure communications between the communications 
device and the network server, all requests are encrypted and tunneled through 
the proxy server. Alternatively, a secure connection may be achieved by 
bypassing the proxy server entirely. In both these scenarios, when a true end-to- 
end secure connection is established between the mobile communications 
device and the network server, the proxy server will not have knowledge of the 
content of requests by the mobile communications device to the network server. 
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Consequently the proxy server will not be able to provide value-added services, 
such as those mentioned above, to the mobile communications device. 

SUMMARY OF THE INVENTION 

[0006] The invention provides a method of using a communications device to 
access an on-line service provided by a network server. The method comprises 
accessing a proxy server based service in order to obtain information required by 
the network server in order to process a request to access the on-line service. 
The information is then sent to the network server via a secure connection with 
the network server. 

[0007] The invention also provides a method for a proxy server to provide a 
proxy server based service to a communications device. The method comprises 
receiving a request from the communications device to access the proxy server 
based service and processing the request. The result of the request is then sent 
to the communications device for forwarding to a network sen/er via a secure 
connection previously established between the communications device and the 
network server. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

[0008] The present invention will now be described, by way of non-limiting 
example, with reference to the accompanying drawings in which: 

[0009] Figure 1 shows a network environment in which the present invention 
may be practiced; 

[0010] Figure 2 shows a flow chart illustrating various steps performed by a 
communications device in a communication between the device and a network 
server, in accordance with one aspect of the invention. 

[0011] Figure 3 shows a flow chart illustrating the operations performed by a 
network server in order to service a request by a communications device, in 
accordance with another embodiment of the invention. 

[0012] Figure 4 shows a flow chart illustrating the operations performed by a 
proxy server in order to service a request by a communications device, in 
accordance with a further embodiment of the invention. 

[0013] Figure 5 shows a schematic drawing of an example of an end-to-end 
communications flow between a communications device and a network server, in 
accordance with the invention; 

[0014] Figure 6 shows a more detailed schematic drawing of the end-to-end 
communications flow shown in Figure 5; 
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[0015] Figure 7 shows a block diagram of a mobile communications device in 
accordance with the invention; 

[0016] Figure 8 shows a block diagram of a proxy server in accordance with 
the invention; 

[0017] Figure 9 shows a block diagram of a network server in accordance with 
the invention. 
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DETAILED DESCRIPTION 

[0018] Described herein is a metliod of using a communications device to 
access an on-line service provided by a networl< server. Thie method comprises 
accessing a proxy server based service in order to obtain information required by 
the networl< server in order to process a request to access the on-line service. 
The information is then sent to the network server via a secure connection with 
the network server. 

[0019] A method for a proxy sen/er to provide a proxy server based service to 
a communications device is also described. The method comprises receiving a 
request from the communications device to access the proxy server based 
service, processing the request and sending the result of the request to the 
communications device for fonwarding to a network server. The result is sent via 
a secure connection previously established between the communications device 
and the network server. 

[0020] Figure 1 shows an exemplary network environment 100 in which 
various embodiments of the present invention may be practiced. Network 
environment 100 includes a wireless network or airnet 102 that is coupled to a 
land based network or landnet 104 via a proxy server 106. 

[0021 ] Landnet 1 04 may be or may include the Internet, an intranet or a data 
network such as a Local Area Network (LAN). The communications protocol 
supporting landnet 104 may be, for example, Transmission Control Protocol 
(TCP/IP), Hand-Held Transfer Protocol (HTTP), or secure HTTP (sHTTP). 
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[0022] Airnet 1 02 may, for example, be a network such as a Mobile Digital 
Packet Data (MDPD) network, a Global System for Mobile (GSM) network, a 
Code Division Multiple Access (CDMA) network, or a Time Division Multiple 
Access Network (TDMA) network. The communications protocol used by the 
airnet 102 may include, for example. Wireless Application Protocol (WAP) and/or 
Hand-Held Device Protocol (HDTP). Components of the airnet 102 include 
transceiver base stations 107A and 107B, each of which facilitate wireless 
communications within its respective cell. As shown, mobile communications 
devices 108A, 108B, 108C may operate within the area served by airnet 102. 

[0023] Airnet 1 02 connects to landnet 1 04 via proxy server 1 06. Proxy server 
106 serves to convert communications as they pass between airnet 102 and 
landnet 104 and thus functions as a gateway server. Coupled to the landnet 104 
are network servers 1 10, 1 12, and 1 14, each of which supports communications 
with landnet 104. Each of the mobile communications devices 108A, 108B and 
108C, are configured to retrieve remotely stored hypermedia information such as 
Wireless Mark-up Language (WML) documents, Hyper-text Mark-up Language 
(HTML) documents, Compact HTML (CHTML) documents. Extensible Mark-up 
Language (XML) documents, or Hand-Held Device Mark-up Language (HDML) 
documents from the network servers 1 10, 1 12 and 114. 

[0024] Proxy server 106 supports communications according to HTTP on the 
landnet 104 side and communication according to HDTP and/or WAP on the 
airnet 102 side. Proxy server 106 also has software and/or hardware to provide 
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various services to mobile communications devices 108A, 108B and 108C, as 
will be described in greater detail below. 

[0025] Each network server 1 1 0, 1 1 2 and 1 1 4 may be a conventional network 
server tiaving specialized software to carry out the methodology of the present 
invention, as will be described in greater detail below. In one embodiment, when 
landnet 104 is the Internet, each network server, 1 10, 112 and 114 may be 
implemented as a web server storing hypermedia information such as HTIVIL 
documents. 

[0026] The mobile communications devices 1 08A, 1 08B and 1 08C may be 
mobile telephones, 2-way pagers, Personal Digital Assistants, (PDAs), Personal 
Information Managers (PIMs), or any other hand-held computing device. For 
purposes of this description, it will be assumed that each of the mobile computing 
devices, 108A, 108B and 108C is a mobile telephone. An embodiment 150 of a 
mobile telephone that may be used to practice the present invention is described 
with reference to Figure 5 of the drawings. 

[0027] As discussed above, mobile telephone 150 has severe limitations in 
terms of processing power, memory size, display size, and the size of the buttons 
or keys by which a user can request, view, and manipulate information, such as 
hypermedia information stored on, for example, network server 1 14. These 
limitations, can be overcome in the prior art by using a proxy ser\^er to provide 
services to mobile telephone 1 50. 
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[0028] One example of such a service is a "bookmark" or "favorites" service. 
Conventional web browsers are able to access lists of frequently used 
hypermedia links, e.g. URLs, which are stored in memory. However, because of 
its limited storage capability, the mobile telephone 150 has insufficient storage to 
store such a list of frequently used hypermedia links. This severely reduces the 
usefulness of mobile telephone 150 for the purpose of, for example, browsing the 
world-wide-web. This limitation is overcome by providing a bookmark service, 
resident in the proxy server, which allows a user of mobile telephone 150 to store 
and access a list of frequently used hypermedia links in a memory device 
resident in the proxy server. 

[0029] Another example of a service which a proxy server may provide to 
mobile telephone 1 50 is a "location" service. There are many web-based 
applications that require specific information relating to the location of a mobile 
communications device. For example, network server 1 14 may be used to 
provide location or map information to mobile telephone 150. In order to do this 
the exact location of the mobile telephone 150 must be sent to the network 
server 1 14. A proxy server may be used to provide the exact location of mobile 
telephone 150 to network server 114. In practice, a communication from the 
mobile telephone 150 requesting map information from network server 1 14 is first 
sent to the proxy server. The proxy server has specialized software, which is 
able to determine that the communication from mobile telephone 150 requires 
the location of mobile telephone 150 in order for network server 114 to provide 
the necessary information to mobile telephone 150. In response to a 
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determination that location information is required, tlie proxy server is able to 
determine the location of mobile telephone 150 either by calculating the location 
itself or by accessing a remote server in order to provide this information. The 
proxy server thereafter enhances the communication from mobile telephone 150 
by adding the location information thereto before fonA/arding the enhanced 
communications to network server 1 14 for processing. 

[0030] However, as previously noted, it may be desirable to have an end-to- 
end secure connection between the mobile telephone 150 and the network 
server 114. In order to facilitate discussion of the invention, it is assumed that a 
user of mobile telephone 150 wishes to communicate with network server 1 14 via 
a secure end-to-end connection. Such a connection may be achieved by 
encrypting communications from mobile telephone 150 and tunneling it through 
proxy server 106. Alternatively, proxy server 106 may be bypassed entirely by 
routing the communications to another gateway server. The particular method 
used to achieve the end-to-end secure connection is not germane to the 
invention. 

[0031] It will be appreciated that as a result of the secure end-to-end 
connection between mobile telephone 150 and network server 1 14, proxy server 
106 is unable to access, and therefore enhance in the manner described above, 
a communication request from mobile telephone 150 to network server 114. For 
the same reason, proxy server 106 is unable to provide services, e.g. a 
bookmark service to mobile telephone 150. 
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[0032] The present invention provides a solution to this problem by allowing 
proxy server 1 06 to access communications or requests from mobile telephone 
150 to network server 114 even in the presence of an end-to-end secure 
connection. 

[0033] Figure 2 shows a flow chart illustrating various steps in a 
communication between mobile telephone 150 and network server 1 14 in 
accordance with one aspect of the invention. At block 200, mobile telephone 1 50 
establishes a connection with proxy server 1 06. This connection may be 
established using, for example, the HTTP or sHTTP protocols. At block 202, 
mobile telephone 150 establishes a secure end-to-end connection with network 
server 1 14. This secure end-to-end connection may be achieved using the 
TCP/IP protocol and tunneling through proxy server 1 06. At the end of block 
202, mobile telephone 150 has two open sessions viz, a secure end-to-end 
session with network server 114 and either a secure or non-secure session with 
proxy server 106. At block 204 mobile telephone 150 sends a request for 
hypermedia information to network server 1 14 via the secure connection 
therewith. At block 206 mobile telephone 150 receives a response to the 
request. At block 210 the response is analyzed in order to make a determination 
as to whether additional information is required by network server 1 14 in order to 
service the request. If no additional information is required then at block 220 
mobile telephone 1 50 displays the hypermedia information received from network 
server 114. 
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[0034] If it is determined that additional information is required, for example 
location information to access a "location" service as described, then mobile 
telephone 150 sends a request to proxy server 106 to access the appropriate 
proxy service at block 212. This request is sent via the connection established 
between the mobile telephone 150 and proxy server 106. At block 214 mobile 
telephone 150 receives a reply from proxy server 106. At block 216 a 
determination is made as to whether the proxy service was successfully invoked. 
If the appropriate service was not successfully invoked, for example if the service 
is not provided by the carrier of airnet 102, then at block 218, mobile telephone 
150 displays an appropriate error message. If the service was successfully 
invoked then mobile telephone 150 sends a second request for the hypermedia 
information to network server 114 via the secure end-to-end connection at block 
220. At block 222, mobile telephone 150 receives a reply to the second request 
from network server 1 14 and at block 224 mobile telephone 150 displays the 
hypermedia information. 

[0035] In accordance with another aspect of the invention, network server 1 14 
performs the operations depicted in Figure 3. Referring to Figure 3, at block 
300 network server 114 receives a request for information from mobile telephone 
150. At block 302 a determination is made as to whether additional information, 
for example the location of the mobile telephone 150, Is needed from mobile 
telephone 150 in order to service the request. If it is determined that no 
additional information is required then at block 306 network server 114 processes 
the request and at block 308 the result of said processing is sent to mobile 
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telephone 150. On the other hand, if it determined that additional information is 
required in order to service the request, then at block 304 a reply is sent to 
mobile telephone 150, the reply indicating what additional information is required. 
In accordance with the invention, the reply that is sent at block 304 is in a format 
which is understandable by proxy server 106. This saves on any computation 
that mobile telephone 150 has to make at block 212 in order to create a request 
to send to proxy server 106. By way of example, the reply that it sent at block 
304 may be in the form of a simple error message for example, standard sHTTP 
error message "409" which is understandable by proxy sen/er 106. In this case 
at block 212 mobile telephone 150 simply auto fonwards the reply from network 
server 1 14 to the proxy sen/er 106 for processing. 

[0036] The operations performed by proxy server 1 06 in accordance with the 
invention are shown in Figure 4 of the drawings. Referring to Figure 4, at block 
400 proxy server 106 receives, from mobile telephone 150, a request to access a 
particular proxy service. The proxy service may be a bookmarking sen/ice, a 
cookie caching service, a service to manage privacy agreements, a service to 
provide sub-id translations, a service to provide location or presence information, 
etc. At block 402, proxy server 106 determines whether the particular service 
requested is available on the network. If the service is not available then at block 
404, an appropriate error message is generated and sent to mobile telephone 
150 at block 406. If the requested service is available then the service is invoked 
by proxy server 106 at block 408 and at block 410 the result of the service is sent 
in the form of a reply to mobile telephone 150. 



Application 



13 



Atty Docket No. 03399P047 



[0037] Figure 5 shows one example of an end-to-end communication flow 
between mobile telephone 150 and networl^ server 114. Referring to Figure 5, 
an initial communication 500 is sent to the network server 1 14 by mobile 
telephone 150 via a secure end-to-end connection established therewith in 
accordance with the methodology described with reference to Figure 2. The 
communication 500 is in the form of a secure sHTTP request. If in order to 
service the request 500, the network server 114 requires enhanced or extended 
information, for example, location or presence information, etc., then network 
server 1 14 responds by sending an error message 502 back to mobile telephone 
150. AS discussed, the error message 502 may be the standard HTTP error 
"409". Upon receipt of the error message 502, mobile telephone 150 sends a 
communication 504 to the proxy server 106 requesting processing of error 
message 502. Proxy server 106 services the request and sends a response 
document which includes the information required by network server 1 14 by way 
of a reply 506. Mobile telephone 150 receives the response document and 
reissues a HTTPs request 508, via the secure connection to network server 114. 
Network server 114 services the request 508 and an HTTP reply 510 is sent 
back to the mobile telephone 150 via the secure end-to-end connection. 

[0038] Figure 6 of the drawings shows one example of an end-to-end 
communication flow of Fig. 5 in more detail. Referring to Figure 6, at block 1 an 
initial request is made to proxy server 1 06. The request may include, among 
other things, a proxy-authorization HTTP header, a number of mandatory 
headers (user-agent, user charset, etc.) and any number of optional headers. At 
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blocks 2 and 3 the request is passed to an authentication service in terms of 
which the proxy-authorization HTTP header is used to determine the existence of 
the particular subscriber. At blocks 4 and 5 the identity service is invoked to 
create a private temporary which is returned to mobile telephone 150 in the form 
of an HTTP response header. At block 6 proxy server 106, having detected the 
CONNECT method, establishes an end-to-end tunnel. This is done after having 
previously authenticated and checked to determine if such an end-to-end tunnel 
can be established. At block 7 upon successful establishment of the tunnel, 
proxy server 1 06 returns the Status 200 and a header containing the private 
identity is inserted into the response headers. Mobile telephone 150 may choose 
to send this header in a subsequent secure HTTP GET request to network server 
114. At step 8 mobile telephone 150 sends a GET method using the secure 
HTTP scheme, with the appropriate headers, directly to network server 114. At 
step 9 network server 114 sends a HTTP reply directly back to mobile telephone 
150. 

[0039] Referring now to Figure 6 of the drawings, the principle components of 
a mobile communications device in accordance with one embodiment of the 
invention, in the form of a mobile telephone 150, are shown schematically. The 
mobile telephone 150 includes a processor 152 which may be or include any of: 
a general-or-special purpose programmable microprocessor, Digital Signal 
Processor (DSP), Application Specific Integrated Circuits (ASIC), Programmable 
Logic Array (PLA), Field Programmable Gate Array (FBGA), etc., or a 
combination thereof. The mobile telephone 150 includes a Wireless Control 
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Protocol (WCP) interface 154 that couples to a carrier network via airnet 102 to 
receive incoming and outgoing signals. Device identifier (ID) storage 156 stores 
and supplies to WCP interface 154 a device ID which identifies mobile phone 150 
to outside entities (e.g. proxy server 106). The device ID is a specific code that is 
associated with mobile telephone 150 and directly corresponds to the device in 
the user account typically provided in an associated proxy server device, such as 
proxy server 106. 

[0040] In addition, mobile telephone 150 includes memory 158 that stores data 
and/or software for performing many of the processing tasks performed by the 
mobile device 150 when executed by the processor 152. These tasks include: 
establishing a communications session with proxy server 106 via a wireless link 
to airnet 102; establishing a secure communications session with the network 
server 1 14 by tunneling through proxy server 106; requesting and receiving data 
from network server 1 14 and from the proxy server 106 via the carrier network; 
and displaying information on a display. Hence, memory 158 may represent one 
or more physical memory devices, which may include any type of Random 
Access Memory (RAM), Read-Only Memory (ROM), (which may be 
programmable), flash memory, non-volatile mass storage device, or a 
combination of such memory devices. Memory device 158 is also coupled to 
WCP interface 154 for the establishment of the communications sessions with 
network server 1 14 the proxy server 106 as described above. Mobile telephone 
150 further includes a display 160 and a keypad 162. Mobile telephone 150 also 
includes voice circuitry 164 for inputting and outputting audio, and an 
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encoder/decoder 166 coupled between processor 152 and voice circuitry 164 for 
encoding and decoding audio signals. 

[0041] Referring now to Figure 7 of the drawings reference numeral 1 06 
generally indicates one embodiment of a proxy server in accordance with the 
invention. The proxy server 106 includes a memory device 252 which may 
represent one or more physical memory devices as described above with respect 
to mobile telephone 150. The proxy server 106 has loaded into the memory 
device 250 a proxy server application 254A and a gateway application 254B. 
The illustrated proxy server 106 further includes a disk drive 256, and a CD 
ROM drive 258 coupled to a peripheral device and user interface 264 via process 
bus 262. Processor 250, memory device 252, disk drive 256 and CD ROM 258 
are generally known in the art. 

[0042] The peripheral device and user interface 264 provides an interface 
between processor bus 262 and various components connected to a peripheral 
bus 270 as well as to user interface components such as display, keyboard, 
mouse, speakers, and other user interface devices. A wireless network interface 
266, and landnet interface 268 are coupled to peripheral bus 270. Each of these 
interfaces 266, 268 may comprise a peripheral component card coupled to 
peripheral bus 270. The wireless network interface 266 couples proxy server 
106 to airnet 102 illustrated in Figure 1 of the drawings. The landnet interface 
268 couples proxy server 106 to landnet 104 and operates according to the 
protocols as previously described. When executing program instructions written 
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according to the principles of thie present invention, proxy server 106 is able to 
perform the operations described in Figure 3 of the drawings. 

[0043] Referring to Figure 8 of the drawings, reference the numeral 1 1 4 
generally indicates a network server 1 14 in accordance with another aspect of 
the invention. The network server 114 includes similar components to the proxy 
server 106 and accordingly the same reference numerals have been used to 
indicate the same or similar components. A principle difference between the 
network server 1 14 and proxy server 106 is that memory device 252 includes a 
set of instructions 255 which when performed by the processor causes the proxy 
server to execute the methodology described with reference to Figure 4 of the 
drawings. Furthermore, network server 1 14 does not have a wireless network 
interface. 

[0044] In accordance with the method of the invention, various proxy services 
provided by a network carrier may be provisioned in a mobile communications 
device in accordance with the invention. Alternatively, the services may be 
discovered by the mobile communications device during a communications 
session with the proxy server 106 as described. This could be achieved by using 
a proxy: <service> URI scheme in which each additional service in the proxy 
would be identified by the <service> portion, for example, proxy: location. 
Alternatively, this could be done by using a single, proxy: URI scheme, for 
example proxy: service. Proxy server 106 will then be able to parse the incoming 
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request from the mobile communications device and invoke the appropriate value 
added service. 

[0045] One advantage of the present invention is that the provider of the 
hypermedia content stored on network server 114 only has to implement one 
protocol. 

[0046] Another advantage is that the service provider who provides 
connectivity into airnet 102 is able to offer value added services from a centrally 
managed proxy server regardless of the security mechanism used in the 
underlying connection. This allows service providers to preserve business 
models and revenue showing opportunities, while still providing a true end-to-end 
secure service model. 

[0047] Although the present has been described with reference to specific 
exemplary embodiments, it will be evident that various modifications and 
changes may be made to these embodiments without departing from the broader 
spirit of the invention as set forth in the claims. Accordingly, the specification and 
drawings are to be regarded in an Illustrative sense rather than in a restrictive 
sense. 
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